| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Currently, when IPFIX records generation is enabled for an interface in
the TX direction, some rewritten traffic is being sent from that
interface, and the Ethernet header's location has changed due to
rewriting, generated TX flows will contain fields with wrong and zero
values. For example, that can be observed when traffic is rewritten from
a subinterface to a hardware interface (i.e. when tags are removed). A
TX flow generated in this case will have wrong L2 fields because of an
incorrectly located Ethernet header. And zero L3/L4 fields because the
Ethernet type will match neither IP4 nor IP6.
The same code is executed to generate flows for both input and output
features. And the same mechanism is applied to identify the Ethernet
header in the buffer's data. However, such general code usually works
with the buffer's data conditionally based on the direction. For most
input features, the buffer's current_data will likely point to the IP
header. For most output features, the buffer's current_data will likely
point to the Ethernet header.
With this fix:
- Keep relying on ethernet_buffer_get_header() to locate the Ethernet
header for input features. And start using vlib_buffer_get_current()
to locate the Ethernet header for output features. The function will
account for the Ethernet header's position change in the buffer's
data if there is rewriting.
- After fixing Ethernet header determination in the buffer's data,
L3/L4 fields will contain non-zero but still incorrect data. That is
because IP header determination needs to be fixed too. It currently
relies on the fact that the Ethernet header is always located at the
beginning of the buffer's data and that l2_hdr_sz can be used as an
IP header offset. However, this may not be the case after rewriting.
So start calculating the actual offset of the IP header in the
buffer's data.
- Add a unit test to cover the case.
Type: fix
Change-Id: Icf3f9e6518912d06dff0d5aa48e103b3dc94edb7
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Do not force cleanup of tcp half-open connection if tcp's cleanup
notification to tls is pending.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I7bccbe8429a4aab10df1c89b66138b967e04ac19
|
|
Updated the gtpu plugin code to support the PDU Session user plane protocol, required for 5G, as
specified in 3GPP TS 38.415 version 17.0.0. This enables some initial support of 5G gNodeB's with
the gtpu plugin.
New features:
- Basic support for the GTP-U Extension Header Flag.
Packets with one extension can now be decapsulated.
This enables basic support of the PDU Session user plane protocol (3GPP TS 38.415 version 17.0.0).
New tunnels can be created with a PDU enable flag and a 6-bit QoS Flow Identifier (QFI).
With this, encapsulated packets will have the PDU Session extension header, and the QFI set.
- Ability to forward GTP-U packets that are not handled by the plugin directly.
Only GTP-U packets with a message type of 255 (G-PDU) are handled directly.
However, 3GPP TS 29.281 defines several other message types like echo and error indication.
A new feature is added to optionally forward unknown or unsupported packets to a new IP address.
This works separately for unknown GTP-U message types, unknown TEIDs, and packets with an unknown
GTP-U header.
This allows both echo and error indications from a 5G gNodeB to be handled by a different system
outside VPP.
- Simple way to get metrics for active tunnels and on tunnel close.
In 5G session/tunnel lifetime is often short and created frequently.
The normal API becomes too slow and inaccurate when too many tunnels are created and deleted
every second.
Improvements:
- A clean ground structure to handle multiple message type in the future.
The code path for G-PDU packets is optimized for performance, representing the typical case.
Unsupported GTP-U packets enter a slow path that decodes the nature of the error.
This presents a easy hook to handle other message types in the future.
- Improved error reporting
When using traces there is more details in the tunnel descriptions.
- Updated the API with several enums.
Fixes:
- gtpu0->length field in IPv6 was computed with IPv4 header lengths in the encapsulation code.
- vec_set_len (t->rewrite, ...) size was computed with the IPv4 header size also for IPv6 tunnels.
Issues:
- This PR does not enable full support of the 3GPP specification.
In particular it only supports a single QoS/QFI flow for each tunnel.
It ignores all incoming extension header flags.
- API functions might change again when/if more support of the 3GPP TS 38.415 spec is added.
Note that I have bumped the API version to 2.1.0 as it seems to be the correct approach based on
my API changes.
Type: feature
Signed-off-by: Rune E. Jensen <runeerle@wgtwo.com>
Change-Id: I91cd2b31f2561f1b3fb1e46c4c34a5a3c71b4625
|
|
Type: test
Change-Id: I1910f3ef79e9018aee032daca0f1932eccb7b9f9
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
Type: improvement
Change-Id: Ie5fcaa706ab0995e0021cf1ee74b95c5a3b30283
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
- notify app on failed connect
- avoid cleanup of ctx before transport cleanup to be able to handle
pending rx notifications.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I1b70ad45109d4c942afa1990dfce4fc44a50a637
|
|
In some anti-replay, some functions weren't using the boolean
telling if the window was huge or not. Hence, limiting the constant
propagation at compilation.
Type: fix
Change-Id: Ie5f2dda38339bb32113c6f7b2b82c82135fc92a8
Signed-off-by: Maxime Peim <mpeim@cisco.com>
|
|
Notify app that transport is closed when tcp moves to closed state.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I18cbe1ac16b1a48ecd06af4c1b5535e12e4b0e75
|
|
Make sure underlying transport connection is not removed on rescheduled
read event.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I0137a2e43aa84d9442279e036c25771aeefd207f
|
|
- test_http_static.py: If namespace creation fails, try to delete the namespace and create it again
- vpp_qemu_utils.py: Added "isinstance()" to "delete_namespace()" to match "create_namespace()"
Type: test
Change-Id: I88ff7a36f5d52816fee16283efba6af025496491
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
Type: test
Change-Id: Ief0c0e13a2c19a03b48219d9a0d85256fb0c9dbe
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
Type: test
Change-Id: I77f119ac982170627484d792dc456753c9847af8
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
Change-Id: If380e4ab6ca30243137fd31fbe51845c0414721a
Type: improvement
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Change-Id: I4a0578598182339bcf76e6b01da76b590a06f773
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
af_packet does not process data until the interface is UP. If after interface creation, but before it is UP, the host interfaces are flooded, then blocking case may occur - VPP interface will never be able to process the data.
If the EDGE_TRIGGERED flag is set, the event will not arrive, because nothing new is happening anymore (probably because the queue is already full).
Therefore, we need to use LEVEL_TRIGGERED (default value), which indicates that there is still unprocessed data (accumulated after interface creation, but before it was UP).
Type: fix
Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
Change-Id: Ied459fd194149d09f226bcb0a5907b3e327b148a
|
|
As a result of recent fixes, all currently stored flows of an interface
are deleted when the feature is being disabled for the interface. This
includes stopping the timer and freeing the flow entries for further
reuse. The problem is that meta information is not cleared in the flow
entries being deleted. For example, packet delta count will keep its
value. The next flow that gets one of these pool entries will already
have a non-zero packet count. So the counting of packets will start from
a non-zero value. And incorrect packet delta count will be exported for
that flow.
With this fix, clear meta information too when clearing interface state.
Also, update the corresponding test to cover this case.
Type: fix
Change-Id: I9a73b3958adfd1676e66b0ed50f1478920671cca
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
The array bounds and string overread check on GCC 12 report a dozen of
false positives that result in VPP build failures on ubuntu 22.04.
Work around this build issue by unconditionally disabling these two
warnings if C compiler is GCC 12 or newer version.
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I999e847bb625ebdf3ef5f11b11598c553f306670
|
|
GCC 12 complains about such errors while the code itself looks good.
Type: fix
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I021719fdbf7d9bd93a12eac76aeac8cbca13a810
|
|
Change-Id: If9381ae7283488b352a3c22f85732cd56ac6bfd9
Type: fix
Fixes: 9937359, 91ff0e9
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Change-Id: I0de1c51455b0d3958c75ab5626a318ac656adbe7
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
|
|
DPDK added new Rx checksum flags[1] to handle cases like the virtual
drivers. Current check of flags is not strict enough for flags like
RTE_MBUF_F_RX_IP_CKSUM_NONE and will always be true no matter the
checksum in packet is good or bad.
Fix this issue by comparing the result of AND operation with the
correspinding Rx checksum flags.
Before this patch, packet trace prints the offload flags as below:
Packet Offload Flags
PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
PKT_RX_IP_CKSUM_NONE (0x0090) no IP cksum of RX pkt.
PKT_RX_L4_CKSUM_GOOD (0x0100) L4 cksum of RX pkt. is valid
PKT_RX_L4_CKSUM_NONE (0x0108) no L4 cksum of RX pkt.
After this patch, packet offload flags would be like:
Packet Offload Flags
PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
PKT_RX_L4_CKSUM_GOOD (0x0100) L4 cksum of RX pkt. is valid
Type: fix
[1] https://github.com/DPDK/dpdk/commit/5842289a546ceb0072bd7faccb93821e21848e07
Signed-off-by: Jieqiang Wang <jieqiang.wang@arm.com>
Change-Id: I3182022d9ccd46b2fc55bb3edfbfac9062ed7c89
|
|
Type: improvement
Change-Id: Ic8e2785bf375882defe5a1d299948d522cdd4895
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Fixes: 599a16b
Change-Id: I954e037ab944028798f9aa2a93f45322c8c7b4bb
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: fix
Signed-off-by: Stanislav Zaikin <stanislav.zaikin@46labs.com>
Change-Id: I16b48460b3fcd82bbb89c375402cb2455414d8bb
|
|
Type: improvement
Change-Id: Ie6987736faf7d8a641762e276775da8ee0c03ea4
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Allow settings default values explicitly in positive_int_or_default and
positive_float_or_default.
It allows setting setting default 0 test retries explicitly despite it
being not positive.
Type: improvement
Signed-off-by: Dmitry Valter <d-valter@yandex-team.com>
Change-Id: Id23a9fdae0ef174eea8992c1f9fc2530aade6194
|
|
Type: improvement
Change-Id: I9b9bb37a0895366b412f042b0e2da5bbdd477325
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
- Make framework.py classes a subset of asfframework.py classes
- Remove all packet related code from asfframework.py
- Add test class and test case set up debug output to log
- Repatriate packet tests from asf to test directory
- Remove non-packet related code from framework.py and
inherit them from asfframework.py classes
- Clean up unused import variables
- Re-enable BFD tests on Ubuntu 22.04 and fix
intermittent test failures in echo_looped_back
testcases (where # control packets verified but
not guaranteed to be received during test)
- Re-enable Wireguard tests on Ubuntu 22.04 and fix
intermittent test failures in handshake ratelimiting
testcases and event testcase
- Run Wiregard testcase suites solo
- Improve debug output in log.txt
- Increase VCL/LDP post sleep timeout to allow iperf server
to finish cleanly.
- Fix pcap history files to be sorted by suite and testcase
and ensure order/timestamp is correct based on creation
in the testcase.
- Decode pcap files for each suite and testcase for all
errors or if configured via comandline option / env var
- Improve vpp corefile detection to allow complete corefile
generation
- Disable vm vpp interfaces testcases on debian11
- Clean up failed unittest dir when retrying failed testcases
and unify testname directory and failed linknames into
framwork functions
Type: test
Change-Id: I0764f79ea5bb639d278bf635ed2408d4d5220e1e
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Do not add ip header as that's added by tcp output and fix checksum.
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I9439acf5c66184af0350b1d4d7406b3feb2e79a1
|
|
Type: test
Change-Id: I1883b50f67890aefb28ca0ca7447f4e73c574d26
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type: feature
Change-Id: I9ae0dbf28b4571a37c568b587b771f90c06f200d
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: feature
Change-Id: I20c56e0d3103624407f18365c2bc1273dea5c199
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I4001f39afde8c33b60c15f74034bcce013fbbf70
|
|
As long as ack and segment are legitimate accept ooo data as we
transition to established.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I85cdc65d70cb8ae689a9ce9bbe4f86228b1ac533
|
|
Type: fix
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I231b319d4d7aa3e17cc8cfe8aaa4762995a5b2c4
|
|
- Use of well known UDP port numbers causes random
failure of mdata and bufmon tests
Type: test
Change-Id: I21a01c54e5f166aea101d3caace85b53f3f7285d
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Type: improvement
Modified "VPP with Containers" doc section to run on Ubuntu 22.04 LTS.
Change-Id: Ic09b88cf0e3b492711222a1bb24552de964a7d03
Signed-off-by: hsandid <halsandi@cisco.com>
|
|
Type: test
Change-Id: I5fddb293f1b56853613ca2823dbb6d3d887d9929
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
Type: test
Change-Id: Ib320cfb5e20f12614c013a92ac15490f8ca3a7ce
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
This fix differentiates UDP and UDP-encapsulated ESP packets processing.
While UDP-encapsulated ESP traffic is processed as IPsec traffic, UDP as
other plain-text protocols is NOT dispatched against SPD policies.
Key logic is taken from RFC 3948, and is based on the fact
that the checksum of UDP packet encapsulating ESP packet must be zero.
Type: fix
Signed-off-by: vinay tripathi <vinayx.tripathi@intel.com>
Change-Id: Ib1b4d240eea8e89f2daf17ec833905f26cdb31bd
|
|
traffics
In this patch, IPsec related test files have been modified to send UDP-encapsulated
ESP packets,and validate against Inbound and Outbound policies that are configured
with Bypass, Discard and Protect action.
Type: test
Change-Id: I4b8da18270fd177868223bfe1389dc9c50e86cc5
Signed-off-by: vinay Tripathi <vinayx.tripathi@intel.com>
|
|
ipsec_esp_packet_process
This inline function is introduced to simplify code readability and allows to splitting of
UDP and ESP processing in the next step.
Type: improvement
Change-Id: Ida4d6abbed141ac74d4d285900777778eb8a5a1d
Signed-off-by: Vinay Tripathi <vinayx.tripathi@intel.com>
|
|
Type: test
Change-Id: I5a2d1b2c92f2bb7c45a7b5e025584d9417487840
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
Coverage increased from 21% to 80%
Type: test
Change-Id: Ic8ecc620cef738d7dbe4c259f58a373ac155a588
Signed-off-by: adrianvillin <avillin@cisco.com>
|
|
Type: test
Change-Id: Ib809f5a6c9e2f08d87f0070231df04d5f0040ca0
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: Ia8b5421cbaaf861ddb3ad7aeca53a077ff18864e
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Type: fix
|
|
Type: improvement
Since RFC4303 does not specify the anti-replay window size, VPP should
support multiple window size. It is done through a clib_bitmap.
Signed-off-by: Maxime Peim <mpeim@cisco.com>
Change-Id: I3dfe30efd20018e345418bef298ec7cec19b1cfc
|
|
Currently, TCP flags of a flow entry don't get reset once the flow is
exported (unlike other meta information about a flow - packet delta
count and octet delta count). So TCP flags are accumulated as long as
the flow is active. When the flow expires, it is exported the last time,
and its pool entry is freed for further reuse. The next flow that gets
this pool entry will already have non-zero TCP flags. If it's a TCP
flow, the flags will keep being accumulated. This might look fine when
exported. If it's a non-TCP flow, that will definitely look erroneous.
With this fix, reset TCP flags once the flow is exported. Also, cover
the reuse case with tests.
Type: fix
Change-Id: I5f8560afffcfe107909117d3d063e8a69793437e
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
|
|
Type: fix
Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Icdff3528fcaf863b400b9aca6c30d284bc17d5f0
|
|
Type: test
Change-Id: Iba94edb7eb439ddc994d9a16cb52108373d052ce
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
Alexander Chernavin
Florin Coras
Rune E. Jensen
adrianvillin
Damjan Marion
Maxime Peim
Artem Glazychev
Jieqiang Wang
Dengfeng Liu
Stanislav Zaikin
Dmitry Valter
Dave Wallace
hsandid
Filip Tehlar
vinay tripathi
Mohammed Hawari